Hi

Avast blocked this site: hxxp://blog.unmaskparasites.com/category/website-exploits/. FalseAlarm?

VPS: 100110-1, 10.01.2010
hxxp://blog.unmaskparasites.com/category/website-exploits/feed/{gzip} [L] HTML:Illiframe-D [Trj] (0)

Unmaskparasites report:
http://www.UnmaskParasites.com/security-report/?page=blog.unmaskparasites.com/category/website-exploits/

Thx and have a nice day.

Hi JuninhoSlo,

Given the nature of the site and what the owner is trying to convey, I believe it to be a simple mistake in which the code has been broken to deactivate it, and also be able to show it, however it is still picked up be avast! as it still exists, almost as it would normally in the source code.

For example, one detection that I have found is on an iframe that is broken somewhat, yet it still exists and so avast! alerts. (see the image) the iframe is broken, but it will still cause an alert, as I have found out. (There are also more, but I have not exactly been able to pin them down…)

I think I will notify the blog owner and hopefully also persuade them to use images in the future to prevent this sort of thing happening in the future.

There is also the possibility that the site may have been genuinely hacked…as it is a very useful tool that thwarts many infections, so would be an ideal target…

-Scott-

Here is a Russian report of a similar website infection with this via PHP hack:
http://forum.oszone.net/thread-155730.html

polonus